I have deployed the Azure Marketplace ElasticSearch cluster, and am trying to configure my FileBeat to ship to it. I am confused about how to ship logs to LogStash.
My filebeat is on a separate network from the logstash VM. The tutorial mentions using Kibana as a jumpbox to access Logstash, but I am unsure how to do this from within the FileBeat configuration file.
The output portion of my filebeat config looks like this:
You need to be able to connect to Logstash machine from within the machine where Filebeat is running. For this you need to know the IP of the VM where Logstash is running. Then you will need to export this as an env variable like export LOGSTASH_HOST=1.2.3.4 so as to be consumed by Filebeat in the configuration.
The VM on which LogStash is running does not have a public IP address, just a private IP on the virtual network. The Kibana VM does have a public IP, and there is reference in the documentation to using this VM as a jump server into the Logstash VM, but I am unsure on if this is the right thing to do and how to instruct the filebeat to connect in this way.
My one other thought was just to try to ship logs to the Public IP at the LogStash port (5044) but this has not worked for me either
These are the resources I have been following in order to get up an running:
I think your issue has not to do with Filebeat/Beats at all but with the understanding of stack setup in that case. I would suggest making your question to the corresponding topic with the proper tittle so as to be more specific.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.